OnlineProxy proxy-checker when validating a proxy goes through several steps: it parses the entered data, tries to resolve the domain, connects via TCP, if necessary establishes TLS, then checks the operation of the protocol (HTTP/SOCKS) and access to the target site. At any step, the following error codes may appear — they help quickly understand exactly where the problem lies: in the proxy format, network, authentication, protocol, or blockers.
INVALID_PROXY_FORMAT — The proxy is entered in an invalid form. For example, the port is missing or there are extra characters. Technically: the string does not match the pattern host:port or user:pass@host:port, the port is out of range. See below for the list of supported formats.
DNS_RESOLUTION_FAILED — Unable to find the proxy server address by name. Usually the domain is misspelled or no longer exists. Technically: DNS returns NXDOMAIN, SERVFAIL or an empty result.
DNS_TIMEOUT — DNS “takes too long” and does not respond. This can happen due to provider issues or an overloaded resolver. Technically: DNS query timeout (UDP/TCP) when resolving the host.
DNS_RESOLVED_PRIVATE_IP — The proxy domain resolves to an internal IP that should not be visible from the internet. Often this is a sign of spoofing or misconfiguration. Technically: DNS resolves to private/loopback ranges 10., 172.16–31., 192.168., 127. or ::1.
TCP_REFUSED — The server refused the connection, as if the port is closed. Most often the service is not running or access is forbidden. Technically: TCP connection gets RST immediately after SYN (Connection refused).
TCP_TIMEOUT — Could not connect because no one responded. This happens during filtering, a “silent” firewall, or an incorrect IP. Technically: TCP handshake did not complete within the allotted time (SYN with no response).
TCP_RESET — The connection was reset during an established session. Sometimes this is done by a firewall, sometimes by the proxy itself under load. Technically: TCP RST received during an established session.
TLS_HANDSHAKE_FAILED — HTTPS could not complete the handshake and agree on encryption. The reason may lie in the proxy settings or in traffic substitution. Technically: TLS handshake error due to certificate, cipher suites, SNI/ALPN, or unexpected data.
TLS_TIMEOUT — Encryption did not start in time; the connection hung at the start of HTTPS. Often this is an unstable network or overloaded node. Technically: timeout on ClientHello/ServerHello/Finished stages.
SOCKS_UNSUPPORTED_VERSION — The proxy does not understand the requested SOCKS version. You connect as SOCKS5, but there may be another service on the port. Technically: the server replies with an incorrect VER or does not support SOCKS4/5.
SOCKS_NO_ACCEPTABLE_AUTH — The proxy did not accept the offered authentication methods. Usually it requires another method or is configured differently. Technically: SOCKS5 selects 0xFF (no acceptable methods) or rejects the set of methods.
SOCKS_AUTH_FAILED — Authentication failed, username or password is incorrect. Sometimes the password is correct, but the account is blocked. Technically: SOCKS5 username/password returns a failure status.
SOCKS_MALFORMED_REPLY — The proxy responds with “garbled” data that cannot be parsed. This happens with non-standard implementations or traffic corruption. Technically: incorrect REP/ATYP/LEN fields, truncated or incorrectly formed reply.
SOCKS_FAKE_SUCCESS — The proxy pretends that everything is connected, but nothing else works. This looks like “success with no traffic.” Technically: SOCKS REP=0, but subsequent reads are empty or the connection to the destination is not established.
HTTP_PROXY_AUTH_REQUIRED — The proxy requires a login and password. Without them it will not pass requests. Technically: received 407 Proxy Authentication Required response and the Proxy-Authenticate header.
HTTP_PROXY_FORBIDDEN — The proxy forbids access. The reason may be IP restrictions, tariff, geo, or access policies. Technically: responses 403/401 or a block by ACL, quotas, or provider policy.
HTTP_PROXY_PROTOCOL_ERROR — The proxy does not behave like an HTTP proxy: returns a strange response or breaks the format. This often happens when the port is not HTTP at all. Technically: incorrect reaction to CONNECT/GET, wrong status line or headers.
HTTP_HTML_ERROR_PAGE — Instead of a normal response, the proxy returned an HTML page with an error, a captcha, or “Access denied.” This is often a sign of substitution or filtering. Technically: HTML text received where a proxy response was expected.
TARGET_UNREACHABLE — It is impossible to reach the target site through the proxy. The proxy may have no internet access or a broken route. Technically: connection error to the target, ICMP unreachable, CONNECT failure, or no route.
TARGET_TIMEOUT — The site did not respond in time when operating through the proxy. Either the site is slow, or the proxy is unstable. Technically: timeout on connect/read to the target host via the proxy.
TARGET_BLOCKED — Access to the site is blocked on the proxy side. This can be a domain filter or content policy. Technically: deny-list, SNI/URL filtering, responses such as 403/451 or a blocking page.
NO_FIRST_BYTE — The connection seemed established, but no response started. Feels like “hanging empty.” Technically: no bytes received in response, TTFB exceeds the limit.
PARTIAL_RESPONSE — The response arrived incomplete and terminated mid-way. As a result, the page or data is corrupted. Technically: connection closed before the end of the body, Content-Length mismatch or chunked encoding errors.
READ_TIMEOUT — Data stopped arriving, and the wait stretched out. Sometimes the first bytes are present, but then there is “silence.” Technically: socket read timeout after establishing the connection (idle read timeout).
IP_MISMATCH — The outgoing IP turned out not to be the one expected. For example, not the right city or not the right pool. Technically: the actual egress IP differs from the one configured, ordered, or location-based.
TRANSPARENT_PROXY — The proxy is too “revealed” and does not look like a ordinary client. It may add service headers or modify requests. Technically: presence of Via, X-Forwarded-For, header changes and behavioral signs of a transparent proxy.
INCONSISTENT_IDENTITY — The proxy behaves inconsistently: today one “identity,” tomorrow another. This increases the risk of blocks. Technically: IPs, ASN, geo, TLS/HTTP signatures or session parameters vary.
HIGH_JITTER — The connection is unstable: delay keeps fluctuating. For bots and API this is often worse than just slow. Technically: high RTT variability, noticeable jitter across a series of measurements.
SLOW_PROXY — The proxy operates too slowly. Pages load slowly, requests “drag on.” Technically: high RTT, low throughput, poor download/upload and latency metrics.
FLAPPING_PROXY — The proxy sometimes works, sometimes fails. Checks may show success every other time. Technically: intermittent errors, alternating successful requests with timeouts, resets and refusals.
CHECK_TIMEOUT — The entire check did not fit into time. Sometimes the proxy is almost working, but one of the steps slows down. Technically: overall script timeout (DNS, TCP, TLS, HTTP) or retry limit exceeded.
UNKNOWN — Something unusual happened, and the system could not attribute it to known errors. Usually helps to repeat the check and view logs. Technically: unhandled exception, rare code or unexpected sequence of responses.
